A remote attacker could exploit this vulnerability by enticing a user
to load a malicious font file resulting in the execution of arbitrary
code with the permissions of the user running the X server which
typically is the root user. A local user could exploit this
vulnerability to gain elevated privileges.

Workaround

Disable CID-encoded Type 1 fonts by removing the "type1" module and
replacing it with the "freetype" module in xorg.conf.